Finding what is using sendmail.

From: Cian O'Sullivan (Cian@logic.bm)
Date: Sun Jun 09 2002 - 11:14:14 EDT


Gurus,

I have an old 4.0D box that has been a web server since the Titanic was built. Unfortunately it is still being used, and the handful of customers have all sorts of individual customised CGIs.

SpamCop has indicated that this box may have been compromised, and being used as a relay; however, a telnet mail.server 25 still gives a 550 relay reject error. So I think someone is routing the mail through a local CGI.

I chmod -x /usr/lib/sendmail; however, I need to have that enabled for legit mail. Can someone please give me guidance in determining where this mail might be spawning from? I don't want this /24 ending up on a spam list.

Cheers

Cian


